FCC chairman updates Internet service provider privacy proposal

Contact:.(JavaScript must be enabled to view this email address), 202-577-3088

Washington, DC—Today, Federal Communications Commission Chairman Tom Wheeler circulated proposed rules that would require broadband carriers and internet service providers (ISPs) to get customer permission before tracking sensitive categories of data derived from subscribers’ online behavior. Chairman Wheeler has scheduled a vote on the proposal at the Commission’s monthly meeting on Oct. 27.

“Internet service providers and mobile broadband carriers have access to highly personal data about customers' online activities and communications,” said Linda Sherry of Consumer Action. “We are pleased that Chairman Wheeler and his team recognize that consumers shouldn’t have to choose between privacy and internet access. This could be a big win for consumers and we urge the full FCC to approve the chairman’s proposal this month.”

Consumer Action is pleased to learn that the chairman’s suggested definition of “sensitive” information requiring consumers’ express permission before it can be tracked or retained for use by companies includes web browsing history; location (typically tracked via internet enabled devices, such as smartphones); children’s online activities, health and financial information; Social Security numbers; app usage history and the content of online communications. (Use and sharing of other categories of “non-sensitive information” would be subject to opt-out consent requirements, meaning consumers would have to say they do not want to be targeted for offers for other goods or services, such as alarm systems or mobile phone accessories.)

The proposal would require heightened disclosure for plans that provide discounts or other incentives in exchange for consumer consent to use and share their personal information (“pay for privacy” schemes). The proposed rules would allow ISPs to use and share de-identified information without consumer consent but it recognizes that de-identification must be a careful and robust process as there are many ways to "re-identify" and link data to specific individuals.

The rule would require broadband carriers and ISPs to protect subscriber personal information and notify subscribers impacted by data breaches. Additionally, the rules would prohibit ISPs from refusing to serve customers who don’t consent to the use and sharing of their information for commercial purposes.

The proposed rules must be approved by the full Commission before becoming law. We look forward to supporting the FCC as it refines, promptly finalizes and vigorously implements this rule.

# # #

Consumer Action has been a champion of underrepresented consumers nationwide since 1971. A non-profit 501(c)(3) organization, Consumer Action focuses on consumer education that empowers low- and moderate-income and limited-English-speaking consumers to financially prosper. It also advocates for consumers in the media and before lawmakers to advance consumer rights and promote industry-wide change.